SESSION ID: SPO-W09B. How Next Generation Trusted Identities Can Help Transform Your Business. Chris Taylor, Senior Product Manager, Entrust Datacard, @Ctaylor_Entrust
Identity underpins our PERSONAL life
Identity underpins our WORK life
So, what's the problem? TOO MANY IDENTITIES, TOO MANY PASSWORDS
Mega-breaches target password weaknesses
Solving the core issue: BUILDING A TRUSTED DIGITAL IDENTITY & EMPOWERING MOBILITY
Achieving Usability & Security
SO HOW DO WE MOVE TOWARDS TRUSTED IDENTITIES?
Benefits of a Mobile-Based Trusted Identity: Protect the business & our customers; New Services / better processes; Improve productivity & UX; Reduce IT cost and complexity
Powerful Native Features Enhance Security: Device & Location Attributes; TEE & Secure Element; Application Sandbox; Biometrics; Crypto; Out of Band Channel
Transparent/Low friction security that adapts to risk. RISK VECTORS: Jail broken phones; Lost/stolen phones; Rogue applications; Breached credentials; Impersonating devices; Banking trojans/malware; CNP fraud. SECURITY LAYERS (OPERATING SYSTEM, DEVICE, CHANNEL, USER, TRANSACTION): Jailbreak detection; Sandboxing; Malware detection; Trusted execution environment (TEE); Device fingerprinting; Geo-location; Device ID; Protected application access; Mutual SSL authentication; Adaptive authentication; Embedded digital ID; Push authentication; Push transaction signing; Transaction signing tokens
MOVING TOWARDS THE PASSWORD-LESS ENTERPRISE
Use Cases: APPROVALS & SIGNING; PHYSICAL ACCESS; TRANSACTION VERIFICATION; LOGICAL ACCESS; FEDERATE TO SAAS; VPN
VPN Authentication. PROBLEM: Hardware tokens are secure but not user friendly; IT provisioning and logistics is complex; Expensive, limited use technology. SOLUTION: Mobile Push Authentication simplifies 2FA for users and IT
Mobile Push for VPN authentication: No hardware tokens to carry; Better user experience; Easy user provisioning; Certificate approach is password-less
Physical / logical access. PROBLEM: Passwords are painful to use and insecure; Smart cards are expensive and complex to deploy; Building access cards are insecure. SOLUTION: Transform mobile devices into multipurpose virtual smart cards
Windows SCLO: Traditional Smart Card
Windows SCLO: Traditional Smart Card; Mobile Virtual Smart Card; Virtual smart card reader; Convenient auto-detect; Secure auto-logout
Physical access: NFC-based communication to PACs; Convenient / always in hand; Strong Authentication; Can't be skimmed; PKI certificate-based; Biometrics; PIV / Derived Credential compliant
On-the-go approvals. PROBLEM: Constant need to improve business process (employees and customers); Many processes require formal approvals / signatures; Traditional digital signing is complex to deploy and has a poor UX. SOLUTION: Use mobile for anywhere, anytime digital signing
Digital Signature Using Mobile. 1. Transaction origination: Doctor writing a prescription; Banker offering a loan; Employee submitting a requisition. Enable Business Transformation. 2. Transaction approval: Convenient / user friendly process; Improve internal efficiency; Improve consumer experience
Summary: Identity is critical to today's connected enterprise; Dated authentication methods fall short (Security; Usability; Cost / IT management); Mobile trusted identities transform business and the password-less enterprise (More secure; More convenient; Truly multi-purpose)
Apply what you have learned today. Next week you should: Identify opportunities and use cases in your organization whereby trusted identities on mobile devices can be leveraged. In the first three months following this presentation you should: Assess the critical qualities that would be used in the vendor qualification process; Begin vendor selection. Within six months you should: Select a vendor's solution and conduct a pilot with your first use case; Plan the implementation for supporting all use cases
BACK UP
All industries are at risk: EMPLOYEE IDENTITIES ARE BECOMING A WEAK LINK
Mitigating the risk of fraud (USE CASE 3). PROBLEM: Fraud attacks are increasing in scope and sophistication; Customer data, enterprise systems, intellectual property & money are at risk; Malware can ride on authenticated user sessions. SOLUTION: Use mobile to verify transactions out of band defeating account takeovers
Mitigating the risk of fraud (USE CASE 3): Compromised with desktop Malware? Let's say you want to execute a $5000 bank transfer. How can you be sure your PC is not infected with malware?
Mobile for Transaction Verification (USE CASE 3): Compromised with desktop Malware? Transaction details retrieved over secure connection; Offline Transaction Verification; QR Code
Mobile will become the New Enterprise Desktop: Not portable, Secure location, Work only; Portable, Less Secure Locations, Work & some personal; Highly portable, Anywhere anytime access, BYOD
Mobile as the New Desktop: DIGITAL IDENTITY
Entrust Datacard Corporate Overview: Trusted Identities, Secure Transactions; Privately held, headquartered in Minneapolis, MN, USA; Founded in 1969; Approximately $650M in annual revenue; 2,000+ employees; 34 worldwide locations; Sales, service and support covering 150+ countries
So what's the problem? Too many identities; Too many passwords; Too many password rules / changes; Lost / forgotten cards / hardware tokens; More regulatory laws around identities
Mobile - A unique blend of security and usability: Users want to carry them (Always in hand; Always connected; Convenient; Support work / personal balance); Smart phones are becoming ubiquitous (Both enterprise and consumer segments); Technology and security allow them to be used for multi-purpose trusted identities
Adaptive Authentication Platform. FRICTIONLESS EXPERIENCE: No passwords; Identify with a simple swipe; Familiar for smartphone users; Highly secure. ENABLING SOLUTION RELEASE 11: Adaptive authentication identifies risks; Layered security device, identity & behavior analytics; Support for Apple, Samsung & Windows devices; Transaction signing for CNP transaction
Security for Every Vulnerability. MOBILE SECURITY: Phone (Jailbreak or Root Detection); App Access Control (PIN, Biometrics); Device Authentication (Device Fingerprinting); Adaptive Authentication (External Risk Engines & Contextual Data); User Authentication (Transparent OTP or Certificate-Based); Transaction Authentication (Mobile Push Notifications); Strong Identity Protection (TEE Storage). ONLINE SECURITY; AUTHENTICATION; USER; DEVICE; CHANNEL; TRANSACTION; APPLICATION
Stronger controls are not always better: More complex passwords? Hardware tokens for the masses? USB security keys? Smart cards? Some offer better security but: Costly; Logistics to issue / replace; Users have to carry them; User experience frustrating; Not multi-purpose; Can you issue them to customers and partners?